Protecting Critical Data

TrustZone technology provides a defense against malicious software attempting to tamper with critical data such as digital-rights management (DRM) counters. The basic premise of our solution is that the state of the flash can serve as a point of reference to detect when rollback has occurred. Our solution is embodied in a trusted software application that needs the protection provided by the TrustZone Secure World. This application represents the flashʹs state by generating a hash over a 32-byte sample of contiguous flash content, starting at a randomly selected address. The reference hash of the critical data is retrieved by decrypting the stored items just described and reversing the process. Next, the critical data itself is decrypted, and a new hash is generated from it. The new hash is compared with the reference hash to determine the critical dataʹs integrity.